Closed Bug 778328 Opened 12 years ago Closed 12 years ago

deploystudio images should regenerate SSH key

Categories

(Infrastructure & Operations :: RelOps: General, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: dustin, Assigned: dividehex)

Details

I've re-deploystudio'd a few minis now, and SSH isn't complaining that the SSH host key has changed. We should probably have a post-deploy task that regenerates these, otherwise everything will have the same host key.
> We should probably have a post-deploy task that regenerates these, otherwise
> everything will have the same host key.

What's the risk there?
It's minor, but it means that a well-known SSH key will be accepted for a wide range of IPs, and since we generally do password auth, that runs the risk of entering the password for a non-recognized slave.
Honestly, I think the fact that they have the same key is a feature. This means that we don't have to remove the key from known_hosts and re-add it every time a machine is reimaged. I seriously doubt that anyone is going to catch a spoofed machine this way since people log in so infrequently after reimaging that they will automatically accept the new key. This might also break any automated jobs that no longer trust the key of a reimaged machine.
Hm, OK..
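
An added example, not part of the original bug or of Mozilla's tooling: a Python audit that reads `ssh-keyscan`-format output and reports any host key presented by more than one host, which is the condition this thread describes for machines deployed from one image. The host names and key blobs are constructed sample data, and `make_blob` is a hypothetical helper that only builds that sample.

```python
import base64
import hashlib
from collections import defaultdict

def make_blob(seed):
    """Build a well-formed but made-up ssh-ed25519 key blob (constructed data)."""
    key = hashlib.sha256(seed.encode()).digest()  # 32 bytes standing in for a key
    return base64.b64encode(
        b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + key).decode()

IMAGE_KEY = make_blob("golden-image")       # assumed key baked into the image
REGEN_KEY = make_blob("regenerated-03")     # assumed key regenerated after deploy
# Constructed sample in ssh-keyscan format: "<host> <keytype> <base64 blob>"
SAMPLE_SCAN = f"""\
# mini-01.example:22 SSH-2.0-OpenSSH
mini-01.example ssh-ed25519 {IMAGE_KEY}
mini-02.example ssh-ed25519 {IMAGE_KEY}
mini-03.example ssh-ed25519 {REGEN_KEY}
mini-04.example ssh-ed25519 {IMAGE_KEY}
"""

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_scan(text):
    """Yield (host_field, keytype, blob) from ssh-keyscan or known_hosts lines."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or keyscan banner comment
        if fields[0].startswith("@"):     # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 3:
            # The host field is kept whole so "name,ip" counts as one machine.
            yield fields[0], fields[1], fields[2]

def shared_host_keys(text):
    """Return {(keytype, fingerprint): [hosts]} for keys seen on 2+ hosts."""
    by_key = defaultdict(set)
    for host, keytype, blob in parse_scan(text):
        try:
            by_key[(keytype, fingerprint(blob))].add(host)
        except ValueError:                # malformed base64: skip the line
            continue
    return {k: sorted(h) for k, h in by_key.items() if len(h) > 1}

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

With hashed `known_hosts` entries the grouping still works, but the host names in the report are the opaque hashes rather than readable names.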
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations